• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA certificate

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> ISA certificate Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA certificate - 5.Feb.2013 9:15:43 AM   
guestisa5445

 

Posts: 1
Joined: 5.Feb.2013
Status: offline
Ok, here's something I can't wrap my head around.

Right now we're migrating to 2010 and have both servers working and up and running. Our current remote setup for our mobile users is active sync. Anytime a user connects remotely, they first hit a proxy server, which is directed to another ISA server, then to EX2003. There's one certificate with CN proxy.example.com installed on EX2003 and a matching on the ISA server, and the users are connecting with that same common name, proxy.example.com. Here's my question. We're getting rid of the proxy server and running solely on ISA 2006 (single homed), so, If I have a purchased a new third party cert with a SAN of legacy.example.com, would I..

1) Install that one both on 2003, 2010, and ISA (removing the proxy.example.com from ISA) and setup a virtual directory on 2010 and matching on 2003? Since the ISA has one nic, I can't see what else to do since I can't setup a different IP for a different server on the same web listener.

2) The ISA is virtual. I could install an additional NIC, keep users connecting through old proxy.example.com and old cert to 2003, and setup a new web listener for a different IP (or IP on same listener?) for 2010 users and attach new third party cert to it. This way when a 2003 mailbox converts to 2010, I could just have them use the new legacy.example.com at that time without a need for a virtual directory redirection? Someone else purchased the legacy certificate, so even though it's titled legacy, we can use it any way we want moving forward.
Post #: 1
RE: ISA certificate - 25.Feb.2013 4:25:24 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
If the ISA has only one nic then don't wast your time even involving it in the process. When running one nic the ISA is only capable of acting as a Web Caching Proxy. It is possible to still do Web Publishing with it,...but in my opinion it is a waste of time,...uselessly creates another point of failure to troubleshoot when it quits working,...and any security benefits are negligible at best.

_____________________________

Phillip Windell

(in reply to guestisa5445)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> ISA certificate Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts